How to use RADIUS on Cisco ASA for Shell and Web Authentication
Assume the RADIUS Servers are:
| Cisco ACS Server 1 | 10.120.10.11 |
| Cisco ACS Server 2 | 10.120.10.12 |
aaa-server AAA-RADIUS protocol radius
!
aaa-server AAA-RADIUS (Management) host 10.120.10.11
 key YYYYXXXYYY
!
aaa-server AAA-RADIUS (Management) host 10.120.10.12
 key YYYYXXXYYY
!
! Delete the old local only configuration
no aaa authentication http console LOCAL
no aaa authentication ssh console LOCAL
!
! Try the RADIUS group first; LOCAL is the fallback if no server responds
aaa authentication http console AAA-RADIUS LOCAL
aaa authentication ssh console AAA-RADIUS LOCAL
aaa authentication enable console AAA-RADIUS LOCAL
! Command authorization: Cisco documents this command for LOCAL or a
! TACACS+ server group; confirm your release accepts a RADIUS group here
aaa authorization command AAA-RADIUS LOCAL
!
If you have already configured AAA for SSH, you might see something like:
asa1(config)# aaa authentication ssh console AAA-RADIUS LOCAL
Range already exists.
In that case, first remove the existing aaa authentication setting and then add the new settings.
no aaa authentication ssh console LOCAL
aaa authentication ssh console AAA-RADIUS LOCAL
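An offline check of the resulting AAA lines, as an added example that is not part of the original post: the script parses a saved running-config and reports console services that lack a LOCAL fallback, reference an undefined server group, or depend on fewer than two RADIUS servers. The function name `audit_aaa`, the finding texts and the sample config (copied from the commands above) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the configuration from this page (placeholder key).
GOOD_CONFIG = """\
aaa-server AAA-RADIUS protocol radius
aaa-server AAA-RADIUS (Management) host 10.120.10.11
 key YYYYXXXYYY
aaa-server AAA-RADIUS (Management) host 10.120.10.12
 key YYYYXXXYYY
aaa authentication http console AAA-RADIUS LOCAL
aaa authentication ssh console AAA-RADIUS LOCAL
aaa authentication enable console AAA-RADIUS LOCAL
"""

GROUP_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)$")
HOST_RE = re.compile(r"^aaa-server (\S+) \(\S+\) host (\S+)")
AUTH_RE = re.compile(r"^aaa authentication (\S+) console (.+)$")

def audit_aaa(config):
    """Return a list of findings for console authentication in an ASA config."""
    groups, hosts, auth, findings = {}, defaultdict(list), {}, []
    for line in config.splitlines():
        line = line.rstrip()
        if m := GROUP_RE.match(line):
            groups[m.group(1)] = m.group(2)        # group name -> protocol
        elif m := HOST_RE.match(line):
            hosts[m.group(1)].append(m.group(2))   # group name -> server IPs
        elif m := AUTH_RE.match(line):
            auth[m.group(1)] = m.group(2).split()  # service -> method list
    for service in ("ssh", "http", "enable"):
        methods = auth.get(service)
        if methods is None:
            findings.append(f"{service}: no console authentication configured")
            continue
        group = methods[0]
        if group == "LOCAL":
            findings.append(f"{service}: LOCAL only, RADIUS not in use")
            continue
        if group not in groups:
            findings.append(f"{service}: server group {group} is not defined")
        elif len(hosts[group]) < 2:
            findings.append(f"{service}: group {group} has fewer than two servers")
        if "LOCAL" not in methods[1:]:
            findings.append(f"{service}: no LOCAL fallback if {group} is unreachable")
    return findings

if __name__ == "__main__":
    for finding in audit_aaa(GOOD_CONFIG) or ["no findings"]:
        print(finding)
```

Run it against the output of `show running-config` saved to a file before and after the change; an empty result means every console service tries the RADIUS group first and can still fall back to LOCAL.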
If you feel this helps a bit, or maybe not, please leave a comment.
